Just wanted to give some information that may help some people in the future. Recently I had a client that was victim to one of the popular phone scams and they had put a "Start up password" aka syskey. I read on Bleeping Computer that some people have tried 123, 1234, or 12345 and were able to get in... none of these worked for me, so my guessing game began... finally I figured it out, it's "boot". Now this may not work for everyone obviously, but it's worth a try. For easier reading...

Possible passwords:

123

1234

12345

123456

boot

After you get in, you will probably want to remove it, I assume. Here is how to do so for those of you that may be unfamiliar.

Open run command (Windows key + R, I like to use)

Type syskey and press enter

Encryption should be enabled so just hit OK

For the startup key screen, select "System generated password"

Make sure "Store startup key locally" is selected

Hit OK, it will prompt for the old password, type it in and hit OK

Now you're all set! I hope this information helps.

If I had a world of my own, everything would be nonsense.....Who in the world am I? Ah, that's the great puzzle. I'm afraid I can't explain myself, sir. Because I am not myself, you see?

I just had a new syskey locked computer come in and tried all the usual passwords - 123, 1234, 123456, everything from 1 to 0. I also tried some basic words like boot, start, etc. but to no avail.

Thinking about it, these scam companies need to keep their password fairly simple so it's easy for them to remember if someone actually pays them to unlock their machine, but I couldn't figure out what they had used.

So, I started thinking about the entire process of using syskey and had an epiphany. Syskey relies on the SAM registry hive to lock the current user(s) down with encryption and a password, so why not just replace the affected registry hive with a recent backup?

It works. Like any other time you have to replace a registry hive, you need to replace ALL of the registry hives with their other date replacements, but it's easy enough to do.

Boot into your PE (or if you're comfortable you can do this via command prompt from a recovery console).

Once inside your PE, the only requirement is that you DO NOT mount the offline registry of the affected drive.

Open a Windows Explorer (or other preferred explorer if using a Linux-based PE) and navigate to: C:\Windows\System32\config

Inside there, right-click and rename each of the following files:

default to default.bak

SAM to SAM.bak

SECURITY to SECURITY.bak

SOFTWARE to SOFTWARE.bak

SYSTEM to SYSTEM.bak

Alternately, you can create a new folder (I usually call it REGISTRY ORIG, but you can call it whatever you like) and then simply copy all of the above registry hives into that folder.

Delete each of the original registry hives only after you're sure you've backed them up.

After you've backed up the registry hives and then deleted the originals, look for the folder called RegBack (C:\Windows\System32\Config\RegBack) inside the Config folder. Inside here are the most current settings that are likely PRE-syskey.

Copy each of those registry hives over into the Config folder.

After copying the registry hives from RegBack into the Config folder, reboot and you're good to go.

If for some reason that doesn't work, you might have recent restore points you can work with from inside the System Volume Information at the root of the affected drive. Open that folder from inside your PE and find the most recent restore point, copy the registry hives from there into the System32\Config folder and you're done.

Here are the command line instructions for those of you that don't have a PE, or are just comfortable with command line in an RC: (this creates a folder called REGISTRY ORIG and copies all the affected registry hives into it, removes the originals and then copies the good registry hives from RegBack)
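
An added example, not part of either post and not the commands the poster refers to: a pre-flight check for the RegBack swap described above, written in Python for a Linux-based PE. It refuses to touch the live hives unless every RegBack hive exists, is non-empty and starts with the `regf` hive signature (Windows 10 version 1803 and later leave 0-byte files in RegBack by default). The function names and the path passed in are assumptions; point it at the mounted `System32/config` folder.

```python
import shutil
from pathlib import Path

HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")  # the five hives the post names

def find_ci(folder, name):
    """Case-insensitive lookup: a Linux PE mounts NTFS case-sensitively."""
    for entry in folder.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None

def check_regback(config_dir):
    """Return {hive: problem} for every RegBack hive that cannot be used."""
    problems = {}
    regback = find_ci(Path(config_dir), "RegBack")
    for hive in HIVES:
        src = find_ci(regback, hive) if regback else None
        if src is None or not src.is_file():
            problems[hive] = "missing"
        elif src.stat().st_size == 0:
            problems[hive] = "zero bytes"
        else:
            with src.open("rb") as fh:
                if fh.read(4) != b"regf":  # every registry hive file starts with "regf"
                    problems[hive] = "no regf signature"
    return problems

def restore_from_regback(config_dir, backup_name="REGISTRY ORIG"):
    """Copy the live hives to a backup folder, then overwrite them from RegBack."""
    config = Path(config_dir)
    problems = check_regback(config)
    if problems:  # stop before anything is modified
        raise RuntimeError(f"RegBack not usable: {problems}")
    backup = config / backup_name
    backup.mkdir(exist_ok=False)  # never overwrite an earlier backup
    regback = find_ci(config, "RegBack")
    for hive in HIVES:
        live = find_ci(config, hive)
        if live is not None:
            shutil.copy2(live, backup / live.name)
        shutil.copy2(find_ci(regback, hive), live or config / hive)
    return backup
```

If `check_regback` reports problems, the restore-point route from the post is the fallback, since copying empty hives into place would leave the machine unbootable.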